Configuring user accounts and SSL VPN user groups

Configuring a FortiGate SSL VPN

7To activate the split tunnel feature, select Enable Split Tunneling. Split tunneling ensures that only the traffic for the private network is sent to the SSL VPN gateway. Internet traffic is sent through the usual unencrypted route.

8To override the Tunnel IP range defined in VPN > SSL > Config, enter the starting and ending IP address range for this group in the Restrict tunnel IP range for this group fields.

Note: If you configure a user group and define Restrict tunnel IP range for this group, the group range is used in the SSL VPN configuration. If you do not define a range of global IP addresses, you must define a group range. If you define both IP address ranges, the group level range is applied to the configuration.

9If the user group requires web-only-mode access, select Enable Web Application and then select the web applications and/or network file services that the user group needs. The corresponding server applications can be running on the network behind the FortiGate unit or accessed remotely through the Internet.

10To enable client-integrity checking options, select from the following:

Check FortiClient AV Installed and Running

Check FortiClient FW Installed and Running

Check for Third Party AV Software

Check for Third Party Firewall Software

Require Virtual Desktop Connection

The client-integrity checking options determine whether the FortiClient™ Host Security application or other antivirus/firewall applications are running on the client computer before a tunnel is established. The host-checking function is performed by the ActiveX/Java Platform control, which is downloaded and installed on the client computer the first time the client initiates the SSL VPN portal.

Note: The user account used to install the SSL VPN client on the remote computer must have administrator privileges. If the user account does not have administrator privileges, the installation will fail (with Windows, there will be no error message with a failed installation). After the ActiveX or Java Platform control is installed, the client computer can be used by a user who does not have administrator privileges.

If there are no applications installed and enabled on the client computer, the connection is refused. Table 1 lists the products supported for clients who have Windows XP SP2. All other systems must have Norton (Symantec) AntiVirus or McAfee VirusScan software installed and enabled.

 

FortiOS v3.0 MR7 SSL VPN User Guide

42

01-30007-0348-20080718

Page 41 Page 43
Page 42
Image 42
Fortinet FORTIOS V3.0 MR7 manual Configuring user accounts and SSL VPN user groups
Page 41 Page 43

FORTIOS V3.0 MR7 specifications

Fortinet's FortiOS v3.0 MR7 marks a significant advancement in network security and management, providing organizations with enhanced features, technologies, and characteristics to better protect their IT environments. This version of FortiOS is designed to facilitate comprehensive security and optimized performance, ensuring that organizations can safeguard their networks against evolving threats.

One of the main features in FortiOS v3.0 MR7 is its robust firewall capabilities. The stateful firewall technology enables dynamic packet filtering based on predefined security policies. This strengthens the organization's perimeter defense by allowing or denying traffic based on user-defined rules. Additionally, the integrated Application Control feature extends the firewall's capabilities by identifying and controlling applications regardless of port usage, enabling organizations to enforce security policies on a finer-grained level.

FortiOS v3.0 MR7 also introduces advanced intrusion prevention system (IPS) functionalities. The next-generation IPS utilizes deep packet inspection and real-time threat intelligence to detect and block attacks before they can compromise the network. Coupled with Fortinet’s threat research team, which ensures timely updates of security signatures, this system helps organizations mitigate risks posed by sophisticated cyber threats.

Another key characteristic of FortiOS v3.0 MR7 is its enhanced VPN capabilities. The support for both SSL and IPsec VPN allows secure remote access for employees and offers flexible options for secure communication over the internet. This feature is essential for organizations that embrace remote work, ensuring that sensitive data remains protected regardless of the user's location.

In addition to its powerful security features, FortiOS v3.0 MR7 includes advanced reporting and logging capabilities. Users can generate detailed reports that highlight security events, traffic patterns, and performance metrics. This data not only improves visibility into network security but also assists in compliance with regulatory requirements.

Moreover, the platform's user-friendly interface enhances the overall management experience. Administrators can quickly configure settings, monitor activity, and respond to incidents effectively. With centralized management capabilities, FortiOS v3.0 MR7 allows organizations to manage multiple devices from a single console, simplifying operations and reducing administrative overhead.

In summary, Fortinet's FortiOS v3.0 MR7 integrates a wealth of security features, including a stateful firewall, advanced IPS, VPN support, and comprehensive reporting functions. Together, these technologies ensure that organizations can maintain a strong security posture in an increasingly complex threat landscape.
Top Page Image Contents